It is only a matter of time before Cloud computing hits mainstream. The era of limiting locations (headquarters, plants, call centers, etc.) used VPN technology to keep things closed even when separated. However, today's hot words are telecommuting and Cloud computing. We have to reconsider the problem of carrying data outside the office from scratch.
As one opinion, we offer the below four principles to work from, with a perspective of optimizing work (continuance of current work, using teleworking, assuming global businesses) and handling natural disasters.
[Centralization] Data should be centrally managed on the Cloud.
[Control] Authorization to access each data should be kept at the bare minimum.
[Log] Every reference and browsing of data should be recorded and logged.
[Education] Duplicating data to local disks or media should be prohibited (personal education).
Today let's introduce a workflow for giving temporary permission to browse particularly sensitive data.
Tasks: 1. Apply for Authorization to Access, 2. Give Temporary Authorization, 3. Handle Rejection, 4. Report Action, 5. Cancel Authorization
[Data Access <Confirm Cancellation>: "2. Give Temporary Authorization" screen]
With the above workflow, at task 2 the supervisor can grant access to the concerned data or make a duplicate on the Cloud and grant access to the duplicate. The below workflow adds the task of third-party confirmation to make sure the temporary authorization was restored to the initial setting.
Moreover, if many employees frequently ask for permission to access a certain data, the company should consider making it permanently available for browsing.
Tasks: 1. Apply for Authorization to Access, 2. Give Temporary Authorization, 3. Handle Rejection, 4. Report Action, 5. Cancel Authorization, 6. Confirm Cancellation